Security researcher Mark Burnett released a torrent of 10 million passwords and usernames, a trove of comparatively anonymized data that he sourced from open websites from around the web. The passwords and usernames are older and most probably dead and, most importantly, Burnett sourced them from websites that were “generally available to anyone and discoverable via search engines in a plaintext (unhashed and unencrypted) format and therefore already widely available to those with an intent to defraud or gained unauthorized access to computer systems.”
Why did he do it? Password behaviors are opaque. No one knows why we choose certain passwords over others nor do they have any way of assessing the relative strength of passwords on the web. While corporations like to say their password databases are secure, how do we know? And how can they be secure when the most popular password is “password?”
You can download the trove here.
It is interesting to note that Burnett had a great deal of trouble deciding whether he wanted to release these passwords. Because the law is often opaque regarding technical issues and legislators are ignorant when it comes to the same, people like Burnett are actually afraid to publish their research. The jailing of a journalist named Barrett Brown is one step in the long road towards self-censorship in matters of security and that can’t be the case.
So download those passwords and figure out just where you’re going wrong. I, for one, will never give up my super secure password of “ILovePizzaAndBeerLakers2015!”